/**
* @deprecated use method taking Extensions
* @param responderID
* @param producedAt
* @param responses
* @param responseExtensions
*/
public ResponseData(
ResponderID responderID,
DERGeneralizedTime producedAt,
ASN1Sequence responses,
X509Extensions responseExtensions) {
this(V1, responderID, producedAt, responses, Extensions.getInstance(responseExtensions));
}
private ResponseData(ASN1Sequence seq) {
int index = 0;
if (seq.getObjectAt(0) instanceof ASN1TaggedObject) {
ASN1TaggedObject o = (ASN1TaggedObject) seq.getObjectAt(0);
if (o.getTagNo() == 0) {
this.versionPresent = true;
this.version = ASN1Integer.getInstance((ASN1TaggedObject) seq.getObjectAt(0), true);
index++;
} else {
this.version = V1;
}
} else {
this.version = V1;
}
this.responderID = ResponderID.getInstance(seq.getObjectAt(index++));
this.producedAt = (DERGeneralizedTime) seq.getObjectAt(index++);
this.responses = (ASN1Sequence) seq.getObjectAt(index++);
if (seq.size() > index) {
this.responseExtensions =
Extensions.getInstance((ASN1TaggedObject) seq.getObjectAt(index), true);
}
}
/**
* Look up the extension associated with the passed in OID.
*
* @param oid the OID of the extension of interest.
* @return the extension if present, null otherwise.
*/
public Extension getExtension(ASN1ObjectIdentifier oid) {
if (extensions != null) {
return extensions.getExtension(oid);
}
return null;
}
/**
* Parse a {@link OCSPStatusRequest} from an {@link InputStream}.
*
* @param input the {@link InputStream} to parse from.
* @return a {@link OCSPStatusRequest} object.
* @throws IOException
*/
public static OCSPStatusRequest parse(InputStream input) throws IOException {
Vector responderIDList = new Vector();
{
int length = TlsUtils.readUint16(input);
if (length > 0) {
byte[] data = TlsUtils.readFully(length, input);
ByteArrayInputStream buf = new ByteArrayInputStream(data);
do {
byte[] derEncoding = TlsUtils.readOpaque16(buf);
ResponderID responderID = ResponderID.getInstance(TlsUtils.readDERObject(derEncoding));
responderIDList.addElement(responderID);
} while (buf.available() > 0);
}
}
Extensions requestExtensions = null;
{
int length = TlsUtils.readUint16(input);
if (length > 0) {
byte[] derEncoding = TlsUtils.readFully(length, input);
requestExtensions = Extensions.getInstance(TlsUtils.readDERObject(derEncoding));
}
}
return new OCSPStatusRequest(responderIDList, requestExtensions);
}
public byte[] getExtensionValue(String oid) {
Extensions exts = c.getTBSCertList().getExtensions();
if (exts != null) {
Extension ext = exts.getExtension(new ASN1ObjectIdentifier(oid));
if (ext != null) {
try {
return ext.getExtnValue().getEncoded();
} catch (Exception e) {
throw new IllegalStateException("error parsing " + e.toString());
}
}
}
return null;
}
private Set getExtensionOIDs(boolean critical) {
if (this.getVersion() == 2) {
Extensions extensions = c.getTBSCertList().getExtensions();
if (extensions != null) {
Set set = new HashSet();
Enumeration e = extensions.oids();
while (e.hasMoreElements()) {
ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier) e.nextElement();
Extension ext = extensions.getExtension(oid);
if (critical == ext.isCritical()) {
set.add(oid.getId());
}
}
return set;
}
}
return null;
}
/**
* Encode this {@link OCSPStatusRequest} to an {@link OutputStream}.
*
* @param output the {@link OutputStream} to encode to.
* @throws IOException
*/
public void encode(OutputStream output) throws IOException {
if (responderIDList == null || responderIDList.isEmpty()) {
TlsUtils.writeUint16(0, output);
} else {
ByteArrayOutputStream buf = new ByteArrayOutputStream();
for (int i = 0; i < responderIDList.size(); ++i) {
ResponderID responderID = (ResponderID) responderIDList.elementAt(i);
byte[] derEncoding = responderID.getEncoded(ASN1Encoding.DER);
TlsUtils.writeOpaque16(derEncoding, buf);
}
TlsUtils.checkUint16(buf.size());
TlsUtils.writeUint16(buf.size(), output);
buf.writeTo(output);
}
if (requestExtensions == null) {
TlsUtils.writeUint16(0, output);
} else {
byte[] derEncoding = requestExtensions.getEncoded(ASN1Encoding.DER);
TlsUtils.checkUint16(derEncoding.length);
TlsUtils.writeUint16(derEncoding.length, output);
output.write(derEncoding);
}
}
/**
* Returns a string representation of this CRL.
*
* @return a string representation of this CRL.
*/
public String toString() {
StringBuffer buf = new StringBuffer();
String nl = System.getProperty("line.separator");
buf.append(" Version: ").append(this.getVersion()).append(nl);
buf.append(" IssuerDN: ").append(this.getIssuerDN()).append(nl);
buf.append(" This update: ").append(this.getThisUpdate()).append(nl);
buf.append(" Next update: ").append(this.getNextUpdate()).append(nl);
buf.append(" Signature Algorithm: ").append(this.getSigAlgName()).append(nl);
byte[] sig = this.getSignature();
buf.append(" Signature: ").append(new String(Hex.encode(sig, 0, 20))).append(nl);
for (int i = 20; i < sig.length; i += 20) {
if (i < sig.length - 20) {
buf.append(" ").append(new String(Hex.encode(sig, i, 20))).append(nl);
} else {
buf.append(" ")
.append(new String(Hex.encode(sig, i, sig.length - i)))
.append(nl);
}
}
Extensions extensions = c.getTBSCertList().getExtensions();
if (extensions != null) {
Enumeration e = extensions.oids();
if (e.hasMoreElements()) {
buf.append(" Extensions: ").append(nl);
}
while (e.hasMoreElements()) {
ASN1ObjectIdentifier oid = (ASN1ObjectIdentifier) e.nextElement();
Extension ext = extensions.getExtension(oid);
if (ext.getExtnValue() != null) {
byte[] octs = ext.getExtnValue().getOctets();
ASN1InputStream dIn = new ASN1InputStream(octs);
buf.append(" critical(").append(ext.isCritical()).append(") ");
try {
if (oid.equals(Extension.cRLNumber)) {
buf.append(
new CRLNumber(ASN1Integer.getInstance(dIn.readObject()).getPositiveValue()))
.append(nl);
} else if (oid.equals(Extension.deltaCRLIndicator)) {
buf.append(
"Base CRL: "
+ new CRLNumber(
ASN1Integer.getInstance(dIn.readObject()).getPositiveValue()))
.append(nl);
} else if (oid.equals(Extension.issuingDistributionPoint)) {
buf.append(IssuingDistributionPoint.getInstance(dIn.readObject())).append(nl);
} else if (oid.equals(Extension.cRLDistributionPoints)) {
buf.append(CRLDistPoint.getInstance(dIn.readObject())).append(nl);
} else if (oid.equals(Extension.freshestCRL)) {
buf.append(CRLDistPoint.getInstance(dIn.readObject())).append(nl);
} else {
buf.append(oid.getId());
buf.append(" value = ").append(ASN1Dump.dumpAsString(dIn.readObject())).append(nl);
}
} catch (Exception ex) {
buf.append(oid.getId());
buf.append(" value = ").append("*****").append(nl);
}
} else {
buf.append(nl);
}
}
}
Set set = getRevokedCertificates();
if (set != null) {
Iterator it = set.iterator();
while (it.hasNext()) {
buf.append(it.next());
buf.append(nl);
}
}
return buf.toString();
}
/**
* Generate a TimeStampToken for the passed in request and serialNumber marking it with the passed
* in genTime.
*
* @param request the originating request.
* @param serialNumber serial number for the TimeStampToken
* @param genTime token generation time.
* @param additionalExtensions extra extensions to be added to the response token.
* @return a TimeStampToken
* @throws TSPException
*/
public TimeStampToken generate(
TimeStampRequest request,
BigInteger serialNumber,
Date genTime,
Extensions additionalExtensions)
throws TSPException {
ASN1ObjectIdentifier digestAlgOID = request.getMessageImprintAlgOID();
AlgorithmIdentifier algID = new AlgorithmIdentifier(digestAlgOID, DERNull.INSTANCE);
MessageImprint messageImprint = new MessageImprint(algID, request.getMessageImprintDigest());
Accuracy accuracy = null;
if (accuracySeconds > 0 || accuracyMillis > 0 || accuracyMicros > 0) {
ASN1Integer seconds = null;
if (accuracySeconds > 0) {
seconds = new ASN1Integer(accuracySeconds);
}
ASN1Integer millis = null;
if (accuracyMillis > 0) {
millis = new ASN1Integer(accuracyMillis);
}
ASN1Integer micros = null;
if (accuracyMicros > 0) {
micros = new ASN1Integer(accuracyMicros);
}
accuracy = new Accuracy(seconds, millis, micros);
}
ASN1Boolean derOrdering = null;
if (ordering) {
derOrdering = ASN1Boolean.getInstance(ordering);
}
ASN1Integer nonce = null;
if (request.getNonce() != null) {
nonce = new ASN1Integer(request.getNonce());
}
ASN1ObjectIdentifier tsaPolicy = tsaPolicyOID;
if (request.getReqPolicy() != null) {
tsaPolicy = request.getReqPolicy();
}
Extensions respExtensions = request.getExtensions();
if (additionalExtensions != null) {
ExtensionsGenerator extGen = new ExtensionsGenerator();
if (respExtensions != null) {
for (Enumeration en = respExtensions.oids(); en.hasMoreElements(); ) {
extGen.addExtension(
respExtensions.getExtension(ASN1ObjectIdentifier.getInstance(en.nextElement())));
}
}
for (Enumeration en = additionalExtensions.oids(); en.hasMoreElements(); ) {
extGen.addExtension(
additionalExtensions.getExtension(ASN1ObjectIdentifier.getInstance(en.nextElement())));
}
respExtensions = extGen.generate();
}
TSTInfo tstInfo =
new TSTInfo(
tsaPolicy,
messageImprint,
new ASN1Integer(serialNumber),
new ASN1GeneralizedTime(genTime),
accuracy,
derOrdering,
nonce,
tsa,
respExtensions);
try {
CMSSignedDataGenerator signedDataGenerator = new CMSSignedDataGenerator();
if (request.getCertReq()) {
// TODO: do we need to check certs non-empty?
signedDataGenerator.addCertificates(new CollectionStore(certs));
signedDataGenerator.addAttributeCertificates(new CollectionStore(attrCerts));
}
signedDataGenerator.addCRLs(new CollectionStore(crls));
if (!otherRevoc.isEmpty()) {
for (Iterator it = otherRevoc.keySet().iterator(); it.hasNext(); ) {
ASN1ObjectIdentifier format = (ASN1ObjectIdentifier) it.next();
signedDataGenerator.addOtherRevocationInfo(
format, new CollectionStore((Collection) otherRevoc.get(format)));
}
}
signedDataGenerator.addSignerInfoGenerator(signerInfoGen);
byte[] derEncodedTSTInfo = tstInfo.getEncoded(ASN1Encoding.DER);
CMSSignedData signedData =
signedDataGenerator.generate(
new CMSProcessableByteArray(PKCSObjectIdentifiers.id_ct_TSTInfo, derEncodedTSTInfo),
true);
return new TimeStampToken(signedData);
} catch (CMSException cmsEx) {
throw new TSPException("Error generating time-stamp token", cmsEx);
} catch (IOException e) {
throw new TSPException("Exception encoding info", e);
}
}
